I know this will probably sound really silly, but I need help designing a "Log Out" feature on my website...

Questions:1.) What should a Log Out do exactly?

Log you out in the background?

Prompt you?

Redirect you?

2.) How exactly do you Log-Out a user?

session_destroy() ??

$_SESSION['loggedIn'] = FALSE;

unset($_SESSION['loggedIn']);

other??

My Log-In system currently relies entirely on Sessions, so other than a "Session Cookie", I am not using Cookies to log people in and out. Nor am I using a database for this.

Sincerely,

Debbie

guido2004
—
2011-09-07T06:03:23Z —
#2

A logout should log you out . If you want to prompt the user ('are you really sure you want to log out?') is up to you. Most sites don't.If the user is on a 'logged in only' page when he logs out, then you should redirect him to a 'visible to all' page (the home page for example). If he is on a 'visible to all' page already, there's no need to redirect.

How? All three methods you list seem ok to me. The first is the most drastic. If you store other information in the session as well that you may need even if the user isn't logged in, then I'd go with 2 or 3.